Canonicalization from Jim Schaad (Exchange) on 1999-10-21 (w3c-ietf-xmldsig@w3.org from October to December 1999)

From: Jim Schaad (Exchange) <jimsch@EXCHANGE.MICROSOFT.com>
Date: Thu, 21 Oct 1999 16:06:57 -0700
To: "W3c-Ietf-Xmldsig (E-mail)" <w3c-ietf-xmldsig@w3.org>
Message-ID: <EAB5B8B61A04684198FF1D0C1B3ACD194A70AF@DINO>

I was playing around looking at the canonicalization and put together this
example:  (Don't pretend that the acutal structure of the source is correct.

This source ---
------------------------------------------
  <SignInfo>
    <CanonicalizationAlgorithm
name="http://www.w3.org/1999/07/WD-xml-CanonicalizationAlg-19990729"/>
    <SignatureAlgorithm name="urn:rsasdi-com:rsa">
      <DigestAlgorithm name="urn:nist-gov:sha1"/>
    </SignatureAlgorithm>
    <ObjectReference>
      <Location HREF="sha-testcase-1"/>
      <DigestAlgorithm name="urn:nist-gov:sha1"/>
      <DigestValue
encoding="urn:dsig:base64">qZk+NkcGgWq6PiVxeFDCbJzQ2J0=</DigestValue>
    </ObjectReference>
  </SignInfo>
-----------------------------------------

Is going to be encoded as 

--------------------------------------------
  <n1:SignInfo xmlns:n1="http://www.w3.org/1999/10/signature-core">
    <n1:CanonicalizationAlgorithm
xmlns:n1="http://www.w3.org/1999/10/signature-core"
n2:name="http://www.w3.org/1999/07/WD-xml-CanonicalizationAlg-19990729"
xmlns:n2="http://www.w3.org/1999/10/signature-core"></n1:CanonicalizationAlg
orithm>
    <n1:SignatureAlgorithm
xmlns:n1="http://www.w3.org/1999/10/signature-core"
n2:name="urn:rsasdi-com:rsa"
xmlns:n2="http://www.w3.org/1999/10/signature-core">
      <n1:DigestAlgorithm
xmlns:n1="http://www.w3.org/1999/10/signature-core"
n2:name="urn:nist-gov:sha1"
xmlns:n2="http://www.w3.org/1999/10/signature-core"></n1:DigestAlgorithm>
    </n1:SignatureAlgorithm>
    <n1:ObjectReference xmlns:n1="http://www.w3.org/1999/10/signature-core">
      <n1:Location xmlns:n1="http://www.w3.org/1999/10/signature-core"
n2:HREF="sha-testcase-1"
xmlns:n2="http://www.w3.org/1999/10/signature-core"></n1:Location>
      <n1:DigestAlgorithm
xmlns:n1="http://www.w3.org/1999/10/signature-core"
n2:name="urn:nist-gov:sha1"
xmlns:n2="http://www.w3.org/1999/10/signature-core"></n1:DigestAlgorithm>
      <n1:DigestValue xmlns:n1="http://www.w3.org/1999/10/signature-core"
n2:encoding="urn:dsig:base64"
xmlns:n2="http://www.w3.org/1999/10/signature-core">qZk+NkcGgWq6PiVxeFDCbJzQ
2J0=</n1:DigestValue>
    </n1:ObjectReference>
  </n1:SignInfo>
---------------------------------------------

In this example, the first 62% of the document (roughly 840 characters) is
the same for all signed messages. (This assumes that the same
canonicalization and signature algorithm are routinely used.)  This means
that the data that changes from message to message is not contriubuting as
much to the hash computation as it could. I would like to fight this by
changing the order of the fields in signed info to 

ObjectReferece, CanonicalizationAlgorithm SignatureAlgorithm

I don't believe this will hurt any implemenations as I do not believe that
one pass parsing and signature evalution is possible in XML and this
significantly improves the hash as you cannot preload 50% of the hash
computation.

jim

Received on Thursday, 21 October 1999 19:07:01 UTC